D0nut Analysis

IOB - Indicator of Behavior (255)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 176
ru: 48
zh: 20
fr: 4
es: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 8
Microsoft Exchange Server: 6
Apache HTTP Server: 6
phpMyAdmin: 4
PHP: 4


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix |  | 0.00970 | 0.36 | CVE-2010-0966
3 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix |  | 0.09761 | 0.02 | CVE-2022-27228
4 | jQuery html cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.21831 | 0.02 | CVE-2020-11023
5 | Znuny AJAX Request sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix |  | 0.00154 | 0.09 | CVE-2024-32493
6 | ILIAS Cloze Test Text gap Persistent cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix |  | 0.00607 | 0.00 | CVE-2019-1010237
7 | Oracle WebLogic Server Web Container path traversal | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.88333 | 0.00 | CVE-2013-3827
8 | Yii Framework runAction sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Official fix |  | 0.07667 | 0.00 | CVE-2023-26750
9 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.78560 | 0.03 | CVE-2022-46463
10 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined |  | 0.00363 | 0.02 | CVE-2020-11878
11 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined |  | 0.00000 | 0.09 | CVE-2020-12440
12 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.92855 | 0.04 | CVE-2020-14179
13 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not defined | Not defined |  | 0.20796 | 0.02 | CVE-2022-3590
14 | Bitrix24 ajax.php server-side request forgery | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined |  | 0.00732 | 0.07 | CVE-2020-13484
15 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | Calculating | Attacked | Official fix | verified | 0.94427 | 0.02 | CVE-2022-40684
16 | Apache Tomcat HTTP Digest Authentication Implementation improper authentication | 8.2 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix |  | 0.03081 | 0.00 | CVE-2012-5887
17 | TEM FLEX-1080/FLEX-1085 Log log.cgi information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround |  | 0.03018 | 0.03 | CVE-2022-1077
18 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.7 | $5k-$25k | $0-$5k | Attacked | Official fix | verified | 0.94456 | 0.02 | CVE-2022-1388
19 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.6 | $5k-$25k | $0-$5k | Attacked | Official fix | verified | 0.94441 | 0.00 | CVE-2022-22954
20 | Apache Groovy MethodClosure.java MethodClosure injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | possible | 0.52460 | 0.05 | CVE-2015-3253

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 83.149.93.150 |  | D0nut |  | 11/09/2023 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /admin/index2.html | predictive | High
2 | File | /admin/login.php | predictive | High
3 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High
4 | File | /mgmt/tm/util/bash | predictive | High
5 | File | /mifs/c/i/reg/reg.html | predictive | High
6 | File | /secure/QueryComponent!Default.jspa | predictive | High
7 | File | /secure/ViewCollectors | predictive | High
8 | File | /Session | predictive | Medium
9 | File | /usr/bin/pkexec | predictive | High
10 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High
11 | File | /xxl-job-admin/jobinfo | predictive | High
12 | File | adclick.php | predictive | Medium
13 | File | add_comment.php | predictive | High
14 | File | admin/content.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
